Lenovo Accelerator Application Insecure Update Mechanism

Lenovo Security Advisory: LEN-6718

Potential Impact: Remote code execution by an attacker with local network access

**Severity:**High

Scope of Impact: Lenovo products described below

Summary Description:

A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities. The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available.

The Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems preloaded with the Windows 10 operating system.

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo recommends customers uninstall Lenovo Accelerator Application.

There are three ways to uninstall Lenovo Accelerator Application as described here:

1. In Lenovo System Update, click on “Get new updates” and follow the prompts to uninstall Lenovo Accelerator Application. This update will also run automatically if a user has not disabled the “Automatically download and install updates” option.
2. Download and run the Lenovo Accelerator Application removal tool available here.
3. Go to the “Apps and Features” application in Windows 10, select Lenovo Accelerator Application and click on “Uninstall”.

Product Impact:
The Lenovo Accelerator Application was installed on some consumer notebook and desktop systems preloaded with the Windows 10 operating system.
The Lenovo Accelerator Application was never installed on ThinkPad or ThinkStation devices.

Click to expand for more information

Affected Lenovo Notebook Systems:

100/100s/110
305
700
300/300S
310
500/500S
700S
B40-30/B40-45/B40-45/B40-80
B41-30/B41-35/B41-80
B50-10/B50-30/B50-30 Touch/B50-45/B50-50/B50-80/B51-30/B51-35/B51-80/B70-80/B71-80
E31-70/E31-80/E40-30/E40-80/E41-10/E41-15/E41-80/E50-30/E50-80/E51-80
Edge 15
Edge 2-1580
Erazer N40-30/Erazer N40-45
Erazer N50-45/Erazer N50-45
Erazer Z41-70
Erazer Z51-70
FLEX 2 Pro
FLEX 3
FLEX 4
G40-45/G40-80/G40-80m
G41-35
G50/G50-45/G50-80/G50-80m/G50-80Touch
G51-35
G70-35/G70-80
G50
K20-80
K21-80
K41-70/K41-80
M41-70
M51-80
MIIX 3
MIIX 300/MIIX310
MIIX 700
N22 Winbook
N41-35
N51-35
S21e-20
S41-35/S41-70/S41-75
TianYi 300
U31-70
U41-70
V4000
XiaoXin 700
XiaoXin Air 12
Y50-70/Y50-70 Touch
Y50c
Y700/Y700 Touch
Y70-70 Touch
Y900
Yoga 2
YOGA 3 14
Yoga 3 Pro
Yoga 300
YOGA 500/YOGA 510
YOGA 700/YOGA 710/YOGA 900/YOGA 900S
Z40-70/Z40-75
Z50-70/Z50-75
Z41-70
Z51-70
Z70-80

Affected Lenovo Desktop Systems:

50050C/50100E/50550A/50600I
A3300
A7300
A8150
B40
C20
C40
C50
C560
D3000
D5010/ D5050/ D5055
F5005/ F5050/ F5055
G5005/ G5010/ G5050/ G5055
H3005
H30-50
H5005/ H5055
H50-50
IdeaCentre 200
IdeaCentre 300/300S
IdeaCentre 510/510S
IdeaCentre 700
M7300z
M8300z/M8350z
M9550z
Yoga Home 500

Acknowledgements:
Lenovo thanks Mikhail Davidov, Sr. Security Researcher, Duo Security for reporting this vulnerability.

Other information and references:
CVE-2016-3944
Duo Labs, Out-of-Box Exploitation: A Security Analysis of OEM Updaters

Revision History:

Revision

|

Date

|

Description

—|—|—
1.2 |** 6/13/2016**|Additional notebooks added to affected product list ** 1.1**|** 6/07/2016**|Added uninstallation paths via System Update and downloadable removal tool ** 1.0**|** 5/31/2016**|Initial release